VDB

CVE-2021-23215

CVE-2021-23215 PUBLISHED

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

EPSS 0.54% · 68.1th percentile

Risk Scores

EPSS Score
0.54%
68.1th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:20.04:LTSopenexr0, 2.3.0-6build1, 2.3.0-6ubuntu0.5
Ubuntu:18.04:LTSopenexr2.2.0-11.1ubuntu1.2, 0, 2.2.0-11ubuntu1
Ubuntu:Pro:16.04:LTSopenexr2.2.0-7ubuntu1, 2.2.0-1ubuntu3, 0

Timeline

  • May 5, 2021 CVE Published
  • Jun 9, 2021 EPSS Score
  • Aug 10, 2021 EPSS Score
  • Oct 10, 2021 EPSS Score
  • Dec 9, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 8, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 10, 2022 EPSS Score
  • Jun 10, 2022 EPSS Score
  • Aug 11, 2022 EPSS Score
  • Oct 11, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›